F081. Lack of multi-factor authentication

Description

Critical services of the system,
such as databases, shared resources containing sensitive information and web
services, are not protected by a multi-factor authentication mechanism.
This makes it easier for an attacker who has compromised a user’s account to
access those resources.